In recent weeks, a wave of cyberattacks has struck some of the world’s most recognisable retail and luxury brands—The North Face, Cartier, Victoria’s Secret, M&S, Co-op, Adidas, and Harrods—exposing vulnerabilities in the systems that millions of customers rely on. These incidents have compromised personal data, disrupted operations, and delayed critical business. In this post, we take a look at the latest attacks on The North Face, Cartier and Victoria's Secret...
Over 2,800 customers of outdoor apparel giant The North Face have had their personal information exposed following a credential stuffing attack on the retailer’s website. The breach, disclosed by parent company VF Corporation, is the latest in a string of cyber incidents targeting the retail sector.
On 23 April 2025, VF Corporation detected suspicious activity on a subset of user accounts on thenorthface.com. An attacker used credential stuffing—a technique where hackers reuse login credentials obtained from other data breaches—to gain unauthorised access to customer accounts.
According to VF Corporation’s official notification, the compromised data includes:
Full names
Addresses
Email addresses
Dates of birth
Phone numbers
Account preferences
Purchase history
Crucially, no payment card information was compromised. The North Face doesn’t store card details on its website. Instead, it uses a secure token-based system handled by a third-party payment processor.
“Your credit card information is not at risk as a result of this incident,” the company’s letter emphasised.
VF Corporation says it identified and acted on the attack the same day. Impacted users had their passwords reset immediately. The company is urging customers to use strong, unique passwords and avoid reusing them across different platforms.
The core issue remains one of poor password hygiene—something cybercriminals continue to exploit. Credential stuffing campaigns work because many users still rely on the same login credentials across multiple services. Once one of those services is breached, attackers test the stolen usernames and passwords elsewhere.
It’s not a new tactic, but it’s still incredibly effective.
Luxury brand Cartier also disclosed that an “unauthorised party gained temporary access” to its systems. The company confirmed that personal data such as names and email addresses may have been accessed. However, like The North Face, Cartier assured customers that financial information remained secure.
In response, Cartier has strengthened its internal system protections and informed the relevant authorities. The precise scope of the breach is still under review, but the brand emphasised its commitment to enhanced vigilance and customer trust going forward.
Victoria’s Secret & Co is also dealing with the aftermath of a cybersecurity incident that impacted its IT infrastructure. The breach, discovered on 24 May 2025, led to the temporary shutdown of its e-commerce website and corporate systems on 26 May. Although the website was restored by 29 May, internal operations were still being recovered at the time of writing.
While the company insists the breach did not materially disrupt its Q1 operations—and preliminary results suggest strong performance—it postponed the release of its Q1 2025 earnings and its investor call originally scheduled for 5 June. Victoria’s Secret now plans to announce a revised date for these updates.
The company noted that although the attack hasn’t caused lasting operational damage, it is expected to incur costs and disruptions that may affect Q2 results. An internal investigation is ongoing under the direction of the board’s Audit Committee.
The recent spate of attacks—including high-profile breaches at M&S, Co-op, Adidas, and Harrods—highlights a persistent pattern: retailers remain lucrative targets for cybercriminals due to the high volume of personal data they collect and store.
These breaches share common themes:
Exploitation of credential reuse
Temporary access with potentially lasting impact
Emphasis on customer data rather than financial credentials
Delays and operational interruptions, even when systems are restored quickly
Use unique passwords for each account
Enable two-factor authentication where available
Be cautious of phishing attempts following breaches
As cyber threats against retailers and consumer brands continue to escalate, staying informed and prepared is more important than ever. At Periculo, our Threat Intelligence Service helps organisations detect, understand, and respond to cyber risks before they cause damage.
Sign up for our Weekly Threat Report to get concise, actionable updates on the latest breaches, vulnerabilities, and threat trends—every week.
Don’t wait for the next breach to find out you’re vulnerable. Stay ahead with Periculo.